/**
 * Copyright (C) 2011 Andrew C. Love (DNC) <dnc.app.sup@gmail.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.dnc.cloak.service;

import java.util.List;

import javax.security.auth.Subject;

import com.dnc.cloak.framework.context.Context;
import com.dnc.cloak.framework.persistence.gen.SecRestriction;
import com.dnc.cloak.framework.persistence.gen.SecUserRole;
import com.dnc.cloak.framework.security.CloakPrincipal;
import com.dnc.cloak.framework.security.SecurityException;
import com.dnc.cloak.framework.service.Service;
import com.dnc.cloak.framework.service.ServiceException;

public interface SecurityService extends Service {
  
    Context login(String securityPolicy, String user, String credential) throws SecurityException, ServiceException;
    Subject login(Context context, String securityPolicy, String user, String credential) throws SecurityException, ServiceException ;
    Context createContext(String securityPolicy, Subject subject) throws SecurityException, ServiceException ;
    
    boolean isValid(Context context, String user, String credential) throws SecurityException, ServiceException;
    boolean isAuthorized(Context context, CloakPrincipal user, String roleId) throws SecurityException, ServiceException;
	boolean hasRole(Context context, CloakPrincipal user, String roleId) throws SecurityException, ServiceException;
    List<SecUserRole> getRoles(Context context, CloakPrincipal user) throws SecurityException, ServiceException;
	List<SecRestriction> getRestrictions(Context context, CloakPrincipal user) throws SecurityException, ServiceException;
	List<SecRestriction> getRestrictionsByType(Context context, CloakPrincipal user, String restrictionType) throws SecurityException, ServiceException;
	CloakPrincipal getCloakPrincipal(Subject subject);
	
    //    //IAuthorizer methods
    //    public CloakPrincipal login(IContext context, String user, String credential) throws ServiceException;
    //    public boolean isAuthorized(IContext context, CloakPrincipal user, String roleId) throws ServiceException;
    //    public boolean hasRole(IContext context, CloakPrincipal user, String roleId) throws ServiceException;
    //    public List<Role> getRoles(IContext context, CloakPrincipal user) throws ServiceException;
    //    public List<Role> getRolesWithCount(IContext context, CloakPrincipal user) throws ServiceException;
    //    public List<Restriction> getRestrictions(IContext context, CloakPrincipal user) throws ServiceException;
    //    public List<Restriction> getRestrictionsByType(IContext context, CloakPrincipal user, Restriction restriction) throws ServiceException;
    //    public List<RoleRestriction> getRoleRestrictions(IContext context, CloakPrincipal user) throws ServiceException;
    //    public boolean isValid(IContext context, String user, String credential) throws ServiceException;
    //    
    //    //IAuthorizerAdministrator
    //    public void dncPrincipalCRUD(IContext context, List<CloakPrincipal> dncPrincipals) throws ServiceException ;
    //    public void dncPrincipalRoleCRUD(IContext context,  List<Role> roles) throws ServiceException;    
    //    public List<CloakPrincipal> getUsers(IContext context, Role role) throws ServiceException;
    //    public List<CloakPrincipal> getUsers(IContext context) throws ServiceException;
    //    public void newUser(IContext context, CloakPrincipal DNCPrincipal, String pw) throws ServiceException;  
    //    public void updateUser(IContext context, CloakPrincipal DNCPrincipal) throws ServiceException;  
    //    public void deleteUser(IContext context, CloakPrincipal DNCPrincipal) throws ServiceException;  
    //    public void grantRole(IContext context, String DNCPrincipalId, String roleId) throws ServiceException;
    //    public void revokeRole(IContext context, String DNCPrincipalId, String roleId) throws ServiceException;  
    //    public void revokeRoles(IContext context, String DNCPrincipalId) throws ServiceException;
    //    public void newRole(IContext context, Role role) throws ServiceException;  
    //    public void updateRole(IContext context, Role role) throws ServiceException;  
    //    public void deleteRole(IContext context, Role role) throws ServiceException;    
    //    public boolean changePassword(IContext context, CloakPrincipal user, String newPw) throws ServiceException;


}
